Cybersecurity symposium puts key issues on table in day 1

AUG. 24, 2015 --
The first day of the NASCUS/CUNA Cybersecurity Symposium opened to a packed house and a packed agenda of the latest developments in the realm of cyber security. More than 100 regulators, policy makers and IT professionals were present at the opening of the program, being staged in Denver, Colo.

Among the highlights:

Tom Schauer, CEO of Trust CC, kicked off the program with an overview of the cvber security landscape. Based on everything that has gone on in the past year (the OPM data breach, activity by foreign governments Ashley Madison and ‘hacktivism’), he recommended five key points for credit unions to consider for the remainder of 2015 and into 2016: Make sure privilege escalation can be detected; make sure incident response is ready; address the high and medium-high deficiencies; regularly revisit the questions of (1) If I wanted to steal money from the CU, how would I do it and what can prevent this attack; and (2) If I wanted to negatively impact the reputation of the CU, how would I do it and what can prevent this attack? Finally, recruit IT talent to the Board so the Board is well equipped to provide guidance and oversight to management.

Patrick Sickels, internal auditor for CUSO CU*Answers addressed effective internal cyber policies and procedures, noting the critical nature of policy versus procedure. “Your policy should be a rule, e.g., ‘you must use encryption to send emails with sensitive information,’” he told the group. “Your procedure should be ‘the how,’ e.g., ‘You sign into MOVEIT, use Zix, etc., for ensuring encryption.”

John Eyre, AVP of IT, TAPCO Credit Union (in Fircrest, WA) suggested using tools as easy to obtain as open source programming Visual Basic to develop effective security, recommending network security should be multi layered, VB scripting can be extremely powerful and there are many examples are available on the Internet of effective use of the programming tool.

In “Life After a Data Breach,” Wes Withrow, cybersecurity expert for TraceSecurity, noted some key points about data breaches: Money isn’t your enemy, variation is; bouncing back is easier than you may expect; you should expect to experience a breach, and; you must control the narrative.